Enable MySQL/MariaDB SSL for PDO/Laravel

Server side setup

Refer to this manual from MariaDB
https://mariadb.com/kb/en/securing-connections-for-client-and-server/

require_secure_transport = ON could be added to the my.cnf file to enforece SSL for all connections (including those from localhost & unix socket)

One way SSL

Without CA verification

PDO

$pdo = new PDO('mysql:host=db.example.com;dbname=image', 'laravel', 'laravel',array(
    PDO::MYSQL_ATTR_SSL_CA     => true,
    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false));

Laravel (config/database.php)

// under mysql => options
'options' => extension_loaded('pdo_mysql') ? [
        PDO::MYSQL_ATTR_SSL_CA     => true,
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
 ] : []

PLEASE NOTE: array_filter in this original config file is REMOVED. Because entries with empty() value will be filtered, so that MYSQL_ATTR_SSL_VERIFY_SERVER_CERT will be removed.

MYSQL_ATTR_SSL_CA is set just to enable SSL (like mysql -h …. -u … -p –ssl)

With CA verification

PLEASE BE AWARE, the cert in this mode is domain validated. The MySQL server should use a cert with matched common name, 'db.example.com' for example. the use of domain name for the host is preferred.

Same to without verification, but set MYSQL_ATTR_SSL_VERIFY_SERVER_CERT to true. (Or just remove the attribute, since it's true by default)

Two way (mutual) SSL

PDO::MYSQL_ATTR_SSL_CA => "/path/to/ca-cert.pem",
PDO::MYSQL_ATTR_SSL_CERT => "/path/to/client-cert.pem",
PDO::MYSQL_ATTR_SSL_KEY => "/path/to/client-key.pem",
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false

MYSQL_ATTR_SSL_VERIFY_SERVER_CERT could be true or false, it depends.

Common Errors

PHP 'illegal hardware instruction' on MacOS

I'm using MacOS 10.15 using PHP 7.4.11 from homebrew.
This error basically happens when PDO SSL setup/verification failed.
For example:

PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages

Or maybe

PDO::__construct(): Peer certificate CN=Common name' did not match expected CN= domain'

I believe it's a platform specific issue.

PDO attribute not received by Laravel

Mentioned already.
array_filter will filter out all attributes with value of null/false/0/"" …
Remove it when you have to use those values.

Fixing a “Damaged App” from App Store

Background:

  • OSX (From Apple, or Hackintosh)
  • The App was purchased from the App Store with the current iCloud ID

The problem:

  • Unable to open a previously purchased App

The error:

“Magnet” is damaged and can’t be opened. Delete “Magnet” and download it again from the App Store.

It could be any paid app, in my case, 'Magnet'.

There exist a similar but common error caused by unsigned/modified third party apps (blocked by Gatekeeper)

App Is Damaged and Can’t Be Opened. You Should Move It To The Trash

This is NOT what my guide is talking about.

The Cause

The error basically means Apple is unable to verify the App purchased on this machine.

The MAC address of your en0 is part of the verification. Because all Macs come with a built-in Wifi/Ethernet Adapter.

Run this in your terminal to list all network interfaces.

networksetup -listallhardwareports

What exactly happened to my is, my hackintosh motherboard comes with two built-in Ethernet adapters. I disabled one (en0) from the BIOS few days after the OSX is installed.

How to fix

If you encountered the same error message, try the following:

(Software issue, basically sync your current en0 MAC address with iCloud)

  • Follow this guide from 1Password (also work for other apps from the App Store)
  • If that isn't help, continue:

(Hardware issue. in most cases, en0 not found)

  • list all network interfaces, find en0
  • If en0 is not found, enable it from BIOS (if you disabled it before)
  • If you didn't remove/disable any network hardware, rename your primary interface to en0, here are some useful resources
  • After that, follow the guide from 1Password again when necessary (when it's still not working)

If none of those work:

Go to network settings > tiny gear icon > Set service order
Open a terminal and run:

cd /Library/Preferences/SystemConfiguration/
sudo rm NetworkInterfaces.plist
sudo rm preferences.plist
Restart machine

Credit for this: Jeremy Wininger